The frightening scenario was presented on Wednesday at the Hack in the Box security conference in Amsterdam. It's made possible by security weaknesses in the protocol used to send data to commercial planes and in flight-management software built by companies including Honeywell, Thales, and Rockwell Collins, Forbes reports. Vulnerable systems include the Aircraft Communications Addressing and Reporting System (ACARS), used for exchanging text messages between planes and ground stations using VHF radio or satellite signals. It has "virtually no authentication features to prevent spoofed commands."

Using a custom-developed Android app dubbed PlaneSploit, researcher Hugo Tesa of N.Runs showed how a virtual plane in a laboratory could be redirected. Because there's no means to cryptographically authenticate communications sent over ACARS, pilots have no way to confirm if messages they receive in the cockpit are valid. Malformed messages can then be used to trigger vulnerabilities, Tesa told Forbes.

A Honeywell spokesman told reporter Andy Greenberg that the company is taking the research seriously. But the spokesman went on to say there's a difference between exploiting something in a lab and doing it in a real-world environment. Because the researcher used a publicly available PC simulation program, the flight-management system he exploited "doesn't have the same protections against overwriting or corrupting as our certified flight software," he said. An N.Runs researcher countered that vulnerabilities in the flight-management software weren't related to the simulation program and would also be found in equipment used in real planes.

In any event, Tesa admits pilots could still override malicious commands by taking manual control of a plane. That still wouldn't prevent hackers from performing disruptive stunts such as causing a cockpit's lights to blink or passengers' pressurized air masks to drop.

Tesa has some helpful descriptions of some of the vulnerable equipment here.

Promoted Comments

ACARS is for messaging and maintenance data. The primary source of navigation data on commercial aircraft is usually the onboard flight management system. For most modern aircraft this will consist of both inertial and GPS data, so hacking the ACARS should have no impact on navigation. And even if the flight management system were hacked, there are always the classic flight instruments like the compass, airspeed indicator, altimeter, etc the pilot can use!

Many planes use ACARS to communicate telemetry and system-level data between airline ground stations and the FMS. Most planes today DO have a datalink interface between the ACARS MU and the FMS.

But even if the attack is limited to "just" confusing the information on the flight display systems, that could certainly be enough to cause an accident. Look at Air France 447 and Aeroperu 603. You're in the soup, and the pilot display says you are at FL200 and 350 KIAS, the copilot display says FL310 and 180 KIAS, and your backup analog instruments say something else.

THIS. As a pilot (and an IT guy), I can tell you that we kind of like our cockpit instruments telling the truth at all times. I've been in a position where a gauge was telling me something pretty serious was going on (overheating engine) whereas other sources (oil pressure and temp, and engine running fine) were telling me otherwise. I still cut to idle and landed as soon as possible though. There were two of us in the cockpit. One of us troubleshot the problem, the other flew the plane. There have been many accidents caused solely by pilots concentrating on weird cockpit readouts and not noticing they were losing altitude.....

I have been concerned about this for a while now. I knew that ADS-B (the system used for tracking aircraft as part of the air traffic control system) had absolutely no built-in security, which some folks recognized as dangerous to the ATC system itself (which it is), but perhaps even more so because part of ADS-B is communicating the information about the location of other aircraft *back* to aircraft in flight, which then feeds the TCAS system which warns pilots how to respond to traffic threats.

Even more scary is the second thing this researcher found. Airliners use a system called ACARS to communicate between the aircraft and company ground stations, sending diagnostic and systems-level information. However, this researcher found a way to inject data via the ACARS into the Flight Management System (FMS), which could not only screw up what the pilot sees on displays, but (in some planes that use an Airbus-style control approach which inherently limits what control inputs pilots can make) could directly control the plane. The author makes a somewhat erroneous note that “pilots could always override the automatic systems”, but in at least some Airbus aircraft, pilot overrides are highly constrained when the aircraft (under input from the FMS) is in certain operation modes (called "law modes"). I'm not familiar enough with their design to know how easy it might be to "convince" an Airbus to switch between law modes based on erroneous inputs, but this scares me.

It just makes you wonder why security is not a basic and fundamental part of the planning for control systems. It never occurred to them that this might become relevant?

No. It really never occurred to them.

People are STILL deploying commercial internet-facing systems with no thought for security.

Devs and engineers employed by avionics makers? Or industrial control systems? Or a million other industries? The word 'computer security' isn't even in the vocabulary there. Security is the fat guy manning the gates, dressed like an old NYC cop.

Until something really really bad happens... then they will have job openings for security consultants. They will listen to these consultants for about 2 months until they realize what a major pain in the ass it's going to be following their best practices. So the consultant loses credibility. The corp will implement the most obvious (cheapest?) security measures and then will ignore the consultant more and more.... until the next Really Bad Thing happens.

THIS. As a pilot (and an IT guy), I can tell you that we kind of like our cockpit instruments telling the truth at all times. I've been in a position where a gauge was telling me something pretty serious was going on (overheating engine) whereas other sources (engine running fine) were telling me otherwise. I still cut to idle and landed as soon as possible though. There were two of us in the cockpit. One of us troubleshot the problem, the other flew the plane. There have been many accidents caused solely by pilots concentrating on weird cockpit readouts and not noticing they were losing altitude.....

That's my point. I'm an IT guy and commercial pilot too (well, was before a couple of detached retinas and some friendly chats with my amigos in OK City), and can tell you that this really scares many of my friends who fly for the airlines. Look at Aeroperu 603. If you could simulate that kind of common-system control failure via a remote attack? God only knows the havoc one could create.

When are companies going to learn that ignoring security in the short run is going to f*$^ them over in the long run?

Especially when the consequences aren't limited to just money and embarrassment.

Right around the time when adding security doesn't also exponentially increase the development time while providing new and unexpected ways for mission-critical systems to fail spectacularly due to circumstances beyond the developer's control.

Ok so my question is what's up with the Software Defined Radio (SDR) stuff? I read the guy's presentation and I didn't see anything about the SDR chip being used. The original article that covered it acted like he accomplished this with just the phone.

What is the legitimacy of this happening? Or I should rephrase. What's the likeliness that other people have found this flaw? My real question is, why weren't the airlines notified about this prior to a huge press conference about it? This type of thing should be CORRECTED before you let people know it's possible.

A Honeywell spokesman told reporter Andy Greenberg that the company is taking the research seriously. But the spokesman went on to say there's a difference between exploiting something in a lab and doing it in a real-world environment. Because the researcher used a publicly available PC simulation program, the flight-management system he exploited "doesn't have the same protections against overwriting or corrupting as our certified flight software," he said.

That sounds like a challenge to me. So who's going to be first to prove this ass[umer] wrong!?

This is probably the same type of BS that Siemens used when someone proved that their control systems could be compromised during a simulation in a lab/test environment. Then lo and behold, reality check, their systems were exploited in the real world. Just because something is done in a simulation with different settings/controls doesn't make the threat any less dangerous. Saying they take it seriously and then trying to downplay it at the same time, must be taking a page out of Oracle/Microsoft playbook.

The radio equipment on older avionics equipment is easily 20-30 years old. Standards that were introduced and revolutionary at the time have seen little update especially in the past 12 years as airlines have struggled to not hemorrhage money. The simple matter is you can say oh my god how didn't anyone plan for this but when the older model TCAS processors (used on euro airlines, cargo jets, etc) are using 386 CPUs to resolve traffic conflicts, it should tell you how out of date these systems are.

Making it worse the FAA could mandate a drastic change to avionics but it would be so expensive it would put every airline out of business. You are talking completely gutting the way the avionics systems talk to each other old 429 specs to the new 664s on the dreamliners. I would be interested to see how the guy who spoofed messages did so, because if he is tapped directly into the avionics bay then yeah not much you can do about it. Spoofing the signals through RF could be a problem but would require specialized software/hardware.

All in all I think this is a bad thing and brings to light the problems of having smartphones be powerful computers vs the lack of security emphasis of legacy equipment on older industrial systems (even thumb drives were unheard of far enough back), but I don't see needing to be scared of flying because of this yet.

However, this researcher found a way to inject data via the ACARS into the Flight Management System (FMS), which could not only screw up what the pilot sees on displays, but (in some planes that use an Airbus-style control approach which inherently limits what control inputs pilots can make) could directly control the plane. The author makes a somewhat erroneous note that “pilots could always override the automatic systems”, but in at least some Airbus aircraft, pilot overrides are highly constrained when the aircraft (under input from the FMS) is in certain operation modes (called "law modes"). I'm not familiar enough with their design to know how easy it might be to "convince" an Airbus to switch between law modes based on erroneous inputs, but this scares me.

Disclaimer: I'm not a pilot. This is only how I understand that these systems work.

You're confusing the FMS with the FCDCs and ADIRUs on Airbus aircraft. Basically, the FMS has the flight plan and certain other parameters in it that tell the autopilot where to go. The FCDC and ADIRU process a bunch of sensors that tell the plane how it's flying and sets the limits that you're talking about. With the autopilot engaged and in the mode that tells it to follow the flight plan in the FMS, it will follow the stuff that's in the FMS. That's still pretty serious if it gets overwritten, but it's very easy to override the FMS: you just turn the autopilot off. This even applies in Airbus fly-by-wire planes.

The control law modes you're talking about and pilot overrides to the fly-by-wire system have nothing to do with the FMS. That's based on sensors and inputs to the flight control computers, and it prevents pilots from putting in control inputs that would cause the plane to crash. On an Airbus plane, if the autopilot's off, you push the stick left and the plane rolls left. The computers will hold the plane to the left. None of this has to do with the FMS.

What is the legitimacy of this happening? Or I should rephrase. What's the likeliness that other people have found this flaw? My real question is, why weren't the airlines notified about this prior to a huge press conference about it? This type of thing should be CORRECTED before you let people know it's possible.

Like TheThirdDictor mentioned, anyone with an eye for security knew that the current flight communication systems were completely unprotected, and that this was a problem waiting to happen. I would be shocked if the "bad guys" haven't already been looking at these vulnerabilities in general.

Furthermore, this isn't like a software bug that can be patched in a few days/weeks/months. It is fundamentally broken infrastructure that will take years/decades to replace, and there is currently no plan to do anything to fix it. Demonstrating the potential risks of our current system can only do good by bringing attention to the gravity of the issue. It's not like he published a full detailed exploit.

There were two of us in the cockpit. One of us troubleshot the problem, the other flew the plane. There have been many accidents caused solely by pilots concentrating on weird cockpit readouts and not noticing they were losing altitude.....

L-1011 crashed in the Everglades because a burnt out bulb made them think the front landing gear had not come down, they were desperately trying to visually verify and failed to notice the autopilot was not in "hold altitude" and it descended so slowly nobody noticed.

So, yeah, I don't want to be in a plane where lights have a mind of their own. I want my pilots to trust their readouts.

Disclaimer: I'm not a pilot. This is only how I understand that these systems work.

You're confusing the FMS with the FCDCs and ADIRUs on Airbus aircraft. Basically, the FMS has the flight plan and certain other parameters in it that tell the autopilot where to go. The FCDC and ADIRU process a bunch of sensors that tell the plane how it's flying and sets the limits that you're talking about. With the autopilot engaged and in the mode that tells it to follow the flight plan in the FMS, it will follow the stuff that's in the FMS. That's still pretty serious if it gets overwritten, but it's very easy to override the FMS: you just turn the autopilot off. This even applies in Airbus fly-by-wire planes.

The control law modes you're talking about and pilot overrides to the fly-by-wire system have nothing to do with the FMS. That's based on sensors and inputs to the flight control computers, and it prevents pilots from putting in control inputs that would cause the plane to crash. On an Airbus plane, if the autopilot's off, you push the stick left and the plane rolls left. The computers will hold the plane to the left. None of this has to do with the FMS.

Again, I could be totally wrong with all of this.

Well, I'm not type-rated on any Airbus equipment, so I certainly could be wrong. But I believe the ADIRU is responsible for the *sensing* of the flight parameters, while the FMS integrates the ADIRS with the flight control systems themselves. The FMS also manages the VNAV stuff, so it isn't just lateral guidance either. For instance, I can imagine a scenario when the VNAV is attacked, setting "right here" as the TOD (top of descent) point. Depending on the altitude the ADIRU "tells" the FMS the plane is at, if the plane is set to alternate law, certain descent gradient limits are overridden (again, I've never sat anywhere forward of seat 3A on anything made by Airbus, but this is from general memory), and the FMS dumps the plane over in a fairly steep dive.

This is all highly interrelated. Lots and lots of interdependent systems here. But I know that on many Boeings (and presumably on the Airbuses as well), FMS systems have progressed far beyond simple flight planning and become deeply integrated into pretty much every aspect of flight management. I know that in general when *I* speak of the "FMS" I'm speaking of the interrelated systems, and not just the "conventional" FMS and CDU.

I don't know all the details of the attacks described by the researcher, and I'm not close enough anymore to the big iron that this might affect, but I'm pretty sure it isn't isolated to JUST the traditional FMS or the ACARS. I am 99% sure that the FCDCs are integrated with the FMS and other flight control computers (of which there are a bunch, IIRC), but I'm not exactly sure how.

But again, I could certainly be wrong too. If anyone who knows more has any info, I'd love to hear it.

Okay I read the Forbes report and yes the guy is using an SDR and his smartphone, meaning this exploit is capable of being used when a plane is most vulnerable, take off/landing. Author, the SDR portion of the story is kinda important as it changes the tone from something a troublemaker can do in the air, to something that can only be done on the ground with specialized equipment and a base station capable of putting out enough RF (an advanced ham radio operator) to exploit the lack of security.

Here's the real reason you can't play "Words with friends" on your flight: aircraft software has zero security, and any dumbass with a phone & an app can start screwing around with critical in-flight systems.

Okay I read the Forbes report and yes the guy is using an SDR and his smartphone, meaning this exploit is capable of being used when a plane is most vulnerable, take off/landing. Author, the SDR portion of the story is kinda important as it changes the tone from something a troublemaker can do in the air, to something that can only be done on the ground with specialized equipment and a base station capable of putting out enough RF (an advanced ham radio operator) to exploit the lack of security.

Which puts it firmly in the lap of those who would like to cause serious disruptions, and really doesn't make the situation much better. I guess now we'll have to cut back to .5 oz of shampoo in the baggie to compensate for this.

Even more scary is the second thing this researcher found. Airliners use a system called ACARS to communicate between the aircraft and company ground stations, sending diagnostic and systems-level information. However, this researcher found a way to inject data via the ACARS into the Flight Management System (FMS), which could not only screw up what the pilot sees on displays, but (in some planes that use an Airbus-style control approach which inherently limits what control inputs pilots can make) could directly control the plane. The author makes a somewhat erroneous note that “pilots could always override the automatic systems”, but in at least some Airbus aircraft, pilot overrides are highly constrained when the aircraft (under input from the FMS) is in certain operation modes (called "law modes"). I'm not familiar enough with their design to know how easy it might be to "convince" an Airbus to switch between law modes based on erroneous inputs, but this scares me.

I had about 1500 hours in an Airbus A-320 before I retired. ACARS, as has been mentioned, is a messaging system. Even if there are some interconnections between it and the FMS (Flight Management System) there is nothing that would prevent the pilot from disengaging the nav functions and putting the autopilot into heading and altitude hold, or even completely disengaging it and hand flying. I would assume that when the pilots notice their aircraft charging off the assigned route they would take some action while they figured out what was happening. What you call "law modes" (control law modes?) have nothing to do with navigation, they concern the programming of the computers that manipulate the control surfaces.

Well, I'm not type-rated on any Airbus equipment, so I certainly could be wrong. But I believe the ADIRU is responsible for the *sensing* of the flight parameters, while the FMS integrates the ADIRS with the flight control systems themselves. The FMS also manages the VNAV stuff, so it isn't just lateral guidance either. For instance, I can imagine a scenario when the VNAV is attacked, setting "right here" as the TOD (top of descent) point. Depending on the altitude the ADIRU "tells" the FMS the plane is at, if the plane is set to alternate law, certain descent gradient limits are overridden (again, I've never sat anywhere forward of seat 3A on anything made by Airbus, but this is from general memory), and the FMS dumps the plane over in a fairly steep dive.

Right. I didn't mean to imply in my reply that that isn't true, although I think if there's too much of a discrepancy with where the plane is and the flight plan the autopilot just turns off, or maybe goes into a different nav mode. It's definitely still a serious vulnerability, especially given how many accidents have happened because of conflicting information in the cockpit.

I meant that the pilots could still grab the stick, shut off the autopilot, and fly the plane, because I don't think the research was meant to imply that it was an attack on the ADIRUs.

THIS. As a pilot (and an IT guy), I can tell you that we kind of like our cockpit instruments telling the truth at all times. I've been in a position where a gauge was telling me something pretty serious was going on (overheating engine) whereas other sources (oil pressure and temp, and engine running fine) were telling me otherwise. I still cut to idle and landed as soon as possible though. There were two of us in the cockpit. One of us troubleshot the problem, the other flew the plane. There have been many accidents caused solely by pilots concentrating on weird cockpit readouts and not noticing they were losing altitude.....

I'm a pilot and programmer too, and I have a really hard time believing that the air speed, artificial horizon, altimeter and compass are exploitable in this way. In the soup, that's all you need. The most important thing is and will always be what you say, though, FLY THE PLANE.

I had about 1500 hours in an Airbus A-320 before I retired. ACARS, as has been mentioned, is a messaging system. Even if there are some interconnections between it and the FMS (Flight Management System) there is nothing that would prevent the pilot from disengaging the nav functions and putting the autopilot into heading and altitude hold, or even completely disengaging it and hand flying. I would assume that when the pilots notice their aircraft charging off the assigned route they would take some action while they figured out what was happening. What you call "law modes" (control law modes?) have nothing to do with navigation, they concern the programming of the computers that manipulate the control surfaces.

Thanks for clarifying. Do Airbuses have datalinks between ACARS MU and the FMS? Also, aren't the FCDCs integrated with the FMS as well? It has been a long time since I flew anything bigger than a twin Cessna, but back in the 1990s I distinctly remember the FMS has an ACARS datalink and the FMS ALSO controlled (or at least was linked to) flight control stuff like VNAV.

I'm a pilot and programmer too, and I have a really hard time believing that the air speed, artificial horizon, altimeter and compass are exploitable in this way. In the soup, that's all you need. The most important thing is and will always be what you say, though, FLY THE PLANE.

Easy to say (and I agree). But not so easy to do. Look at Aeroperu 603. IFR. Night. Over water. PFDs showing all kinds of screwy information. Are we at FL310? Are we at 180 KIAS? or 330? Two very experienced and competent pilots couldn't pull it off. Similar to Air France 447. Again, I don't know the full extent of the attacks, but I know enough to be *really* concerned.

You're absolutely right. The difference is that we already struggle with this problem. The Aeroperu, (both) Air France flights, and Colgan Air, and (I could go on) are the famous cases. I've been reading the ASRS callback back issues lately, and it's amazing how many minor examples of this problem there are. This exploit doesn't change the fundamentals, but it could add a new trigger.

THIS. As a pilot (and an IT guy), I can tell you that we kind of like our cockpit instruments telling the truth at all times.

While true, I'd certainly hope anyone flying the big iron has enough basic airmanship skills to know that "pitch + power = performance". That's something that was drilled into me during my training and I've never forgotten it.

Unfortunately the Air France crew didn't seem to have ever learned it, and ultimately I think this just highlights the much deeper and real concern - that a lot of the airline pilots flying these days don't have good "stick and rudder" skills anymore.